Way to verify username and password of user in aws cognito using adminInitiateAuth() method #4621

Open
chintu11 opened this issue Nov 22, 2022 · 2 comments
Labels: bug (This issue is a bug.), guidance (Question that needs advice or information.), service-api (This issue is due to a problem in a service API, not the SDK implementation.)

@chintu11

Requirement:
The code below has 2 functions. The 1st verifies the username and password of the user and, if it is true, it triggers an OTP by SMS (default behavior of AWS, as 2-factor authentication is enabled). But we do not want the OTP by SMS. We want the OTP by email with a custom template, so we implemented the 2nd function with AuthFlow: 'CUSTOM_AUTH' (and the 2nd method works as expected).
We do not want the OTP to be triggered by SMS (but we also cannot disable 2-factor auth because it is used in other use cases). Also, we only need a solution using aws-sdk. There are ways using Amplify and other libraries, but they are not useful when an app client secret is present.

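```js
// AWS SDK for JavaScript v2 (the .promise() calls below are v2 style).
// tenant, tenantId, username, password and secrets come from the surrounding application code.
const AWS = require('aws-sdk');
const crypto = require('crypto');
const cognitoIdentityServiceProvider = new AWS.CognitoIdentityServiceProvider();

// Verify username and password; with MFA enabled this also sends the code by SMS
const response0 = await cognitoIdentityServiceProvider.adminInitiateAuth({
    AuthFlow: 'ADMIN_NO_SRP_AUTH',
    ClientId: tenant.cognitoClientId,
    UserPoolId: tenant.cognitoUserPool,
    AuthParameters: {
        // SECRET_HASH = Base64(HMAC-SHA256(client secret, username + client id))
        SECRET_HASH: crypto.createHmac('SHA256', tenant.cognitoClientSecret).update(username + tenant.cognitoClientId).digest('base64'),
        USERNAME: username,
        PASSWORD: password
    }
}).promise();

// Send the code to email using the custom auth flow
const response1 = await cognitoIdentityServiceProvider.adminInitiateAuth({
    AuthFlow: 'CUSTOM_AUTH',
    ClientId: tenant.cognitoClientId,
    UserPoolId: tenant.cognitoUserPool,
    AuthParameters: {
        SECRET_HASH: crypto.createHmac('SHA256', tenant.cognitoClientSecret).update(username + tenant.cognitoClientId).digest('base64'),
        USERNAME: username,
        PASSWORD: tenantId + secrets.PASSWORD_SECRET
    }
}).promise();
```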

Need a solution where we can check the username and password using AuthFlow: 'CUSTOM_AUTH' (we can change the Lambda triggers), or any other way where the OTP is not triggered and we are able to check the username and password correctly.
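
Added example (not part of the original post and not AWS SDK code): a sketch of a Define Auth Challenge Lambda trigger for the CUSTOM_AUTH flow asked about above, using Cognito's documented option of starting custom auth with SRP password verification (the client sends `CHALLENGE_NAME: 'SRP_A'` together with an `SRP_A` value), so the custom email-OTP challenge is issued only after the password has been verified. `MAX_OTP_ATTEMPTS` is an assumed retry budget, and the example does not settle whether the pool's SMS MFA still fires, which the thread leaves open.

```javascript
// Added example: Define Auth Challenge trigger that gates the custom (email OTP)
// challenge behind Cognito's own SRP password verification.
const MAX_OTP_ATTEMPTS = 3; // assumption: retry budget chosen for this sketch

function defineAuthChallenge(event) {
  const session = event.request.session || [];
  const last = session[session.length - 1];
  const res = event.response;
  res.issueTokens = false;
  res.failAuthentication = false;

  // Cognito records each completed challenge and its result in the session array.
  const passwordOk = session.some(
    (s) => s.challengeName === 'PASSWORD_VERIFIER' && s.challengeResult === true);
  const otpTries = session.filter((s) => s.challengeName === 'CUSTOM_CHALLENGE').length;

  if (event.request.userNotFound) {
    res.failAuthentication = true;
  } else if (session.length === 1 && last.challengeName === 'SRP_A') {
    res.challengeName = 'PASSWORD_VERIFIER';   // have Cognito check the password
  } else if (!passwordOk) {
    res.failAuthentication = true;             // never reach the OTP without a verified password
  } else if (last.challengeName === 'CUSTOM_CHALLENGE' && last.challengeResult === true) {
    res.issueTokens = true;                    // password and custom OTP both passed
  } else if (otpTries >= MAX_OTP_ATTEMPTS) {
    res.failAuthentication = true;             // too many wrong OTP answers
  } else {
    res.challengeName = 'CUSTOM_CHALLENGE';    // Create Auth Challenge sends the email OTP
  }
  return event;
}

// Lambda entry point (guarded so the file also loads outside CommonJS).
if (typeof module !== 'undefined') {
  module.exports = { handler: async (event) => defineAuthChallenge(event) };
}
```

A CUSTOM_AUTH request that does not start with `SRP_A` arrives with an empty session and is failed by the `!passwordOk` branch, so the email OTP cannot be requested without the password step.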

@yenfryherrerafeliz yenfryherrerafeliz self-assigned this Nov 28, 2022
@ashishdhingra ashishdhingra added bug This issue is a bug. needs-triage This issue or PR still needs to be triaged. labels Mar 27, 2024
@ashishdhingra ashishdhingra removed their assignment Mar 27, 2024
@ashishdhingra ashishdhingra transferred this issue from aws/aws-sdk Mar 27, 2024
@ashishdhingra

Transferred issue to AWS SDK for JS repo for initial triage. Most likely this is a Q&A discussion.

@aBurmeseDev aBurmeseDev self-assigned this Apr 23, 2024
@aBurmeseDev
Member

aBurmeseDev commented Apr 23, 2024

Hi there - apologies for the long wait.

Your case is unique and very specific, which is why I reached out to the service team to get more insights from them. I'll post an update as soon as I hear back.

P127469405

@aBurmeseDev aBurmeseDev added service-api This issue is due to a problem in a service API, not the SDK implementation. guidance Question that needs advice or information. and removed needs-triage This issue or PR still needs to be triaged. labels Apr 23, 2024
4 participants